From 0632f1c6a85733b5fbf247e07cd668e8254b8809 Mon Sep 17 00:00:00 2001 From: hsiegeln <37154749+hsiegeln@users.noreply.github.com> Date: Fri, 3 Apr 2026 10:37:57 +0200 Subject: [PATCH] fix: agent token refresh returns 404 after server restart MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The refresh endpoint required the agent to exist in the in-memory registry. After server restart the registry is empty, so all refresh attempts got 404. The refresh token itself is self-contained with subject, application, and roles — the registry lookup is optional. Now uses application from the JWT, falling back to registry only if the agent happens to be registered. Co-Authored-By: Claude Opus 4.6 (1M context) --- .../AgentRegistrationController.java | 20 ++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentRegistrationController.java b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentRegistrationController.java index ffe863dd..53dea12c 100644 --- a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentRegistrationController.java +++ b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/controller/AgentRegistrationController.java @@ -173,17 +173,19 @@ public class AgentRegistrationController { return ResponseEntity.status(401).build(); } - // Verify agent exists - AgentInfo agent = registryService.findById(agentId); - if (agent == null) { - return ResponseEntity.notFound().build(); - } - - // Preserve roles from refresh token + // Preserve roles and application from refresh token List roles = result.roles().isEmpty() ? List.of("AGENT") : result.roles(); - String newAccessToken = jwtService.createAccessToken(agentId, agent.applicationId(), roles); - String newRefreshToken = jwtService.createRefreshToken(agentId, agent.applicationId(), roles); + String application = result.application() != null ? result.application() : "default"; + + // Try to get application from registry if available (agent may not be registered after server restart) + AgentInfo agent = registryService.findById(agentId); + if (agent != null) { + application = agent.applicationId(); + } + + String newAccessToken = jwtService.createAccessToken(agentId, application, roles); + String newRefreshToken = jwtService.createRefreshToken(agentId, application, roles); auditService.log(agentId, "agent_token_refresh", AuditCategory.AUTH, agentId, null, AuditResult.SUCCESS, httpRequest);